Your submission was sent successfully! Close

CVE-2021-3947

Published: 18 February 2022

A stack-buffer-overflow was found in QEMU in the NVME component. The flaw lies in nvme_changed_nslist() where a malicious guest controlling certain input can read out of bounds memory. A malicious user could use this flaw leading to disclosure of sensitive information.

Priority

Medium

CVSS 3 base score: 5.5

Status

Package Release Status
qemu
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
focal Not vulnerable
(code not present)
hirsute Ignored
(reached end-of-life)
impish Not vulnerable
(code not present)
jammy
Released (1:6.2+dfsg-2ubuntu5)
trusty Not vulnerable
(code not present)
upstream Needs triage

xenial Not vulnerable
(code not present)
Patches:
upstream: https://gitlab.com/qemu-project/qemu/-/commit/e2c57529c9306e4